Information Disclosure in IBM Security Secret Server 10.7
CVE-2020-4341

2.7LOW

Key Information:

Vendor: IBM
Status: Security Secret Server
Vendor: CVE Published:; 24 June 2020

Summary

A vulnerability exists in IBM Security Secret Server 10.7 that permits a remote attacker to exploit detailed technical error messages returned by the application. When these error messages are exposed, they can inadvertently reveal sensitive information which may assist the attacker in conducting further attacks on the system. This presents a significant risk to the security and confidentiality of user data.

Affected Version(s)

Security Secret Server 10.7

References

https://www.ibm.com/support/pages/node/6237084

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/178181

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2020
Vulnerability Reserved
Dec 30, 2019